4 companies affected by security breaches in June
By Jordan Valinsky, CNN Business
There’s been a sharp rise in cyberattacks in recent weeks, often disrupting services and products that are essential to everyday lives.
In May, the ransomware attack that forced a six-day shutdown of Colonial Pipeline — a key East Coast line that delivers gas to millions of people — brought the scary situation to the forefront of people’s minds. Days later, food processor JBS USA also suffered a cyberattack, which affected servers supporting its IT systems.
The uneasy trend continued in June, with several high-profile companies like McDonald’s and Peloton revealing they, too, were targeted by hackers. These incidents highlight the growing need for cybersecurity professionals, a space that’s facing a skills gap.
Here’s who announced this month that they got hacked:
Electronics Arts
Hackers broke into the systems of Electronic Arts, one of the world’s biggest video game publishers, and stole source code used in company games. The company made the announcement earlier this month.
Online forum posts reviewed by CNN Business and vetted by an independent cybersecurity expert show that on June 6, hackers claimed to have obtained 780 gigabytes of data from EA, including source code for Frostbite, the game engine that powers games that include titles in the FIFA, Madden and Battlefield series.
Brett Callow, a threat analyst at cybersecurity software maker Emsisoft, said losing control over source code could be problematic for EA’s business.
“Source code could, theoretically, be copied by other developers or used to create hacks for games,” Callow said.
An EA spokesperson said “no player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business.”
McDonald’s
McDonald’s said earlier this month it, too, was affected by a data breach, which exposed private information of customers and employees in South Korea and Taiwan.
The burger chain said in a statement that an investigation revealed a “small number of files were accessed,” some of which contained personal data like emails, phone numbers and addresses. McDonald’s is contacting affected customers and regulators in the two areas and said that payment information wasn’t accessed.
“These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a McDonald’s spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”
Peloton
Earlier in June, Peloton warned users of its Bike+ about a newly found security threat relating to the touchscreen. Researchers at cybersecurity company McAfee discovered a vulnerability that allows hackers to access Peloton’s bike screen and potentially spy on riders using its microphone and camera.
However, the threat most likely affects only the $2,495 bike used in public spaces, such as hotels or gyms. That’s because a hacker needs to physically access the screen and plug in a USB drive containing malicious code. Researchers said hackers can then discreetly control the stationary bike’s screen remotely and interfere with its operating system.
Fortunately, Peloton said it doesn’t know of any instances where this vulnerability was actually exploited, and the company pushed a mandatory software update to users to patch the problem.
Volkswagen
Volkswagen and Audi revealed this month they were hit by a data breach that exposed the contact information of customers in the United States and Canada, as well as personal details like drivers’ license numbers in some cases.
More than 3 million customers or shoppers had at least basic contact information stolen from an outside company that worked with the automakers, according to VW. That data included phone numbers, email addresses, postal mailing addresses and in some cases, vehicle identification numbers.
“We regret any inconvenience this may cause our current or potential customers,” VW USA said in a statement. “As always, we recommend that individuals remain alert for suspicious emails or other communications that might ask them to provide information about themselves or their vehicle.”
The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.